On Mon, 2008-01-28 at 15:41 -0500, Paul Kyzivat wrote: > > Scott Lawrence wrote:
> > It helps to understand the problem we were trying to solve. The proxy > > may restrict some users to a subset of possible calls - for example, I > > might be allowed to make local PSTN calls but not International PSTN > > calls. This is enforced by challenging an INVITE that requires some > > privilege level and then using the authenticated identity to look for > > that privilege (note: this has no relationship to any registration > > authentication; registration only controls what calls we route _to_ a > > UAS; it has no effect on calls _from_ a UAC). > > You say there is no relationship. Do you mean that this is an > independent authentication, from a different realm with unique > credentials from those used for registration? Or do you just mean tha > registration doesn't confer a right to make these calls, so they are > still challenged, but that the same realm and credentials are used. I just mean to point out that we don't (as many systems do) use the fact that a particular contact is registered (and was authenticated) at a particular IP:port to infer anything about any requests coming from that IP:port or with that Contact value in them. Each request that is challenged is independent - in theory, a UA might use one identity to register to receive calls and a different one to make calls (I don't know of any that do that, but it wouldn't bother our proxy). The challenge is for the same realm, and any identity in that realm for which you have the right credentials will work. -- Scott Lawrence tel:+1.781.229.0533;ext=162 or sip:[EMAIL PROTECTED] sipXecs project coordinator - SIPfoundry http://www.sipfoundry.org/sipXecs CTO, Voice Solutions - Bluesocket Inc. http://www.bluesocket.com/ http://www.pingtel.com/ _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
